1. Field of the Invention
The present invention relates to the field of Internet hosting and security, and more particularly, to a method and system for providing security to hosting sites on a data network such as the Internet and mitigating electronic attacks against such sites.
2. Description of the Related Art
The proliferation of the Internet and its multimedia interface, the World Wide Web, opens up a new channel for commerce and information. Individuals and businesses are racing in waves to the Internet to access information or establish electronic commerce (e-commerce) sites in order to tap into this newfound channel. Individuals who desire to get onto the Internet to access information include those who desire to obtain information that they are not privy to retrieve. Thus, the desire of a business to set up its own e-commerce site also comes with a desire to secure such site from unwanted intruders. Unlike the traditional brick-and-mortar shop, which merely requires physical security to prevent intrusion, an e-commerce site requires both physical security and electronic security to do the same. Physical security is required to protect and house the hardware and software components needed to host the e-commerce site. Additionally, because the e-commerce site is open to the public through an electronic medium such as the Internet, electronic security is also needed to prevent intruders from electronically tampering with the software components and confidential information residing in the hardware components.
The conventional scheme to provide electronic security is to set up a firewall between the e-commerce or Internet hosting site and the Internet to prevent intruders from accessing file and application servers supporting the hosting site. The firewall also protects an intranet or a private network from the outside world. However, setting up a firewall is such a complicated task that, if not done properly, may provide intruders with opportunities to attack and penetrate the firewall. For instance, a firewall may be attacked based on an application bug inherent in the firewall. It may also be penetrated via a compromise in access security to the firewall. The firewall may also be exploited through any misconfigurations by the firewall administrator. Additionally, a firewall is susceptible to and cannot withstand connection floodings often used by intruders in their desire to gain illegitimate access to the site or cripple the site with denial-of-service attacks.